FRRouting 10.0-10.6 DoS via rfapiRibBi2Ri() BGP UPDATE validation flaw: CVE-2026-37460 June 2026

Missing input validation in the rfapiRibBi2Ri() function (rfapi_rib.c) of FRRouting (FRR) stable/10.0 to stable/10.6 allows attackers to cause a Denial of Service (DoS) via supplying a crafted BGP UPDATE message.

Vulnerability Analysis

CVE-2026-37460 is exploitable with network access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality and integrity, and a high impact on availability.

Attack Vector:

NETWORK

Attack Complexity:

LOW

Privileges Required:

NONE

User Interaction:

NONE

Scope:

UNCHANGED

Confidentiality Impact:

NONE

Integrity Impact:

NONE

Availability Impact:

HIGH

Weakness Type

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Exploit Probability

EPSS

0.02%

Percentile

4.21%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

FRRouting 10.0-10.6 DoS via rfapiRibBi2Ri() BGP UPDATE validation flawCVE-2026-37460 Published on June 3, 2026

Vulnerability Analysis

Weakness Type

Improper Input Validation

Exploit Probability

FRRouting 10.0-10.6 DoS via rfapiRibBi2Ri() BGP UPDATE validation flaw
CVE-2026-37460 Published on June 3, 2026